IT SECURITY ENGINEER - RISK & CYBER - CYBERSECURITY (JOB NUMBER: WEA003054)






About BNP Paribas India Solutions:


Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union\xe2\x80\x99s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.





About BNP Paribas Group:


BNP Paribas is the European Union\xe2\x80\x99s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group\xe2\x80\x99s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group\'s performance and stability





Commitment to Diversity and Inclusion


At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.





About Businessline/Function :


For 150 years, BNP Paribas Wealth Management has been committed to protecting clients\xe2\x80\x99 wealth, developing it, and eventually passing it on to their loved ones. We deliver tailor-made experience, with outstanding attention to detail and expertise from precise local knowledge to the global know-how that we access from the Group. Our goal is to create a new wealth management experience fit for a world where digital interactions have come to enhance human ones. Wealth Management Investment Solution Hub (WMIS Hub) provides a global IT solution for BNP Paribas Wealth Management where we develop, maintain and evolve IT applications which fits to the specific needs of BNP Paribas Wealth Management business users.





Job Title:

IT Security Engineer

Date:

25-Apr-2024


Department:

Wealth Management

Location:

Chennai


Business Line / Function:

ITRCS

Reports to: (Direct)

NA


Grade: (if applicable)

(Functional)


Number of Direct Reports:

NA

Directorship / Registration:

NA


Position Purpose


Role of Wealth Management Cybersecurity Security Officer, being understood this role includes delegations from APAC WM CISO. Participate to IT project security reviews conducted both on a global and APAC basis across all platforms. This requires the incumbent to foster close working relationships with other business areas and IT Development/Production teams. The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator.


Responsibilities




Direct Responsibilities


\xc3\xbc Cybersecurity
o Ensure the protection of WM business data with an adequate security level of WM assets based on review processes
o Ensure the coordination with other IT security or other actors in the region or globally
o Assist for a Risk Treatment for any APAC WM issue, based on the processes
o Identify the IT security risks in advance, record and follow-up them
o Define and contribute to processes from cybersecurity perspective
o Periodic reporting of security status to IT Security Domain Head
o Ensure the regular reporting for management follow-up
o Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed.
o Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents.
\xc3\xbc Production Security
o Ensure the effectiveness and success of vulnerability management process
o Ensure the compliance level of the production environment and integrate to reporting
\xc3\xbc IT security compliance (delegation on WM APAC scope)
o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets
o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
o Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements
o Ensure the compliance with the Third-party Technology risks and the Cloud security
o Identify the process gaps and provide solutions


\xc3\xbc Coordination with IT Security actors
o Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard\xe2\x80\xa6)
o Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope.
o Coordination with the global security teams concerning integration of WM assets within production sites
o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group



Technical & Behavioral Competencies


Essential Technical Knowledge



Network protocols and network connectivity concepts; Firewall and Internet technologies

Deep Knowledge


Secure application design and architecture principles \xe2\x80\x93 including DevSecOps tools and practices (CI/CD)

Deep Knowledge


Secure access control mechanisms: Encryption and Key Management techniques

Deep Knowledge


Technical proficiency in various Operating Systems (Linux, AIX, Windows, AS400) and Databases (Oracle, MSSQL, PostGreSQL, MongDB

Deep Knowledge


Knowledge of understanding digital transformation and mobile technologies and Cloud (Containers Docker, Kubernetes).

Good


Knowledge of emerging technologies (NFT, encryption)

Good


Knowledge in technologies like OAuth, Single Sign On, API based approach, TDD, BDD

Good


Knowledge of standard IT Security concepts and methodologies

Deep Knowledge


Deep understanding of cybersecurity threats and remediation options

Deep Knowledge


IT Security Risk Assessment and Risk Management

Good


IT Incident Management, CSIRT, DLP

Good


IT Network Security (FW, WAF, Anti-DDos etc)

Good
Essential Banking Knowledge



Banking Knowledge and understanding of Wealth Management specificities

General Knowledge


International and APAC banking regulations

Deep Knowledge
Essential Personal Skills



Communication skills \xe2\x80\x93 Ability to interact throughout oral and written communication skills

Deep Knowledge


Provide leadership to various stakeholders in proactive manner

Deep Knowledge


Ability to provide an accurate reporting to the Management

Deep Knowledge


Must be motivated, and able to work independently as well as part of a team

Deep Knowledge


Must demonstrate ethical responsibility, maturity, and discretion

Deep Knowledge



Specific Qualifications (if required)



\xc3\xbc 5 to 8 years\' experience in information security
\xc3\xbc Management or leadership experience
\xc3\xbc Experience in evaluation and design of technical architectures and processes
\xc3\xbc Functional as well as technical knowledge of the common technical frameworks and solutions
\xc3\xbc Knowledge of the Norms and Standards of the banking and cybersecurity industry
Other Value-added Competencies
\xc3\xbc Advanced IT security certifications may be advantageous (such as CEH, ISO 270001:2013 ,CSK\xe2\x80\xa6).
\xc3\xbc Operational Risk and Permanent Control


Skills Referential


Behavioural Skills: (Please select up to 4 skills)


Creativity & Innovation / Problem solving


Communication skills - oral & written


Decision Making


Ability to deliver / Results driven


Transversal Skills: (Please select up to 5 skills)


Analytical Ability


Ability to develop and adapt a process


Ability to understand, explain and support change


Ability to manage a project


Ability to set up relevant performance indicators


Education Level:

Bachelor Degree or equivalent


Experience Level

At least 5 years


Other/Specific Qualifications (if required)


Other Value-added Competencies

\xc3\xbc Advanced IT security certifications may be advantageous (such as CEH, ISO 270001:2013 ,CSK\xe2\x80\xa6)..
\xc3\xbc





NA

Primary Location

: IN-TN-Chennai

Job Type

: Standard / Permanent

Job

: INFORMATION TECHNOLOGY
Education Level: Bachelor Degree or equivalent (>= 3 years)
Experience Level: At least 5 years

Schedule

: Full-time